Corporate policy for the protection of personal data, aimed at safeguarding the fundamental rights and freedoms of individuals who visit this website pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR). For users residing in the European Union, the processing of personal data is governed by Regulation (EU) 2016/679 (GDPR). For users outside the EU, we are committed to respecting the data protection principles outlined herein, unless otherwise required by the local laws applicable in the user’s jurisdiction.
- PURPOSE
- DESCRIPTION
- SCOPE OF APPLICATION
- INFORMATION SECURITY POLICY
- RESPONSIBILITY FOR THE INFORMATION SECURITY POLICY
1. PURPOSE
The purpose of this document is to outline the general security principles and confidentiality obligations regarding the information and personal data defined by the Data Controller, ensuring an efficient and secure system for managing procedures and processes related to personal data protection for all parties involved in data processing, in compliance with the fundamental rights and freedoms of individuals, pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”) for EU users and, for non-EU users, in accordance with applicable local laws where relevant.
2. DESCRIPTION
BluAlghero-Sardinia aims to achieve information security objectives concerning personal data, technological, physical, logical, and organizational structures, and their management. This entails establishing and maintaining a secure information management system by adhering to the principles set forth in Articles 5 and 6 of the GDPR for EU users, adapted as necessary to local regulations for non-EU users:
- Lawfulness, fairness, transparency;
- Ensuring that data collection and processing are limited to contractual purposes that are specific, explicit, and legitimate, and subsequently processed in a manner consistent with those purposes;
- Adequate, relevant, and limited to what is necessary for the purposes for which they are processed (principle of “data minimization”);
- Accurate and, where necessary, kept up to date; all reasonable measures must be taken to promptly erase or rectify inaccurate data with respect to the purposes for which they are processed (“accuracy”);
- Kept in a form that permits identification of data subjects for no longer than necessary to achieve the purposes for which they are processed;
- Processed in a manner that ensures appropriate security of personal data, including protection through suitable technical and organizational measures against unauthorized or unlawful processing and against accidental loss, destruction, or damage (“principle of integrity and confidentiality”);
- Safeguarding the integrity of information against unauthorized changes;
- Ensuring the reliability of the sources of information;
- Ensuring the protection and control of personal data.
3. SCOPE OF APPLICATION
The personal data protection policy applies to all processes and resources involved in the design, implementation, initiation, and ongoing delivery of services, for both EU and non-EU users.
Products and services provided:
- Web platform for promoting the territory and offering tourist booking and assistance services;
- Marketing campaigns through affiliate programs;
- Advertisements for accommodation facilities and businesses.
4. INFORMATION SECURITY POLICY
- Verification of the data processed, identifying their types and categories;
- Verification of the purpose and legal basis of each processing activity, to provide adequate information to data subjects (Articles 13 and 14 GDPR for EU users or equivalent local regulations);
- Preparation of notices compliant with Articles 13 and 14 GDPR for EU users, including the rights granted (access, erasure, rectification, restriction, objection, portability), adapted as necessary for non-EU users;
- Procedure for data breaches (Data Breach, Articles 33 and 34 GDPR for EU users), with notification to the supervisory authority within 72 hours and to data subjects in case of high risk, or in accordance with local obligations for non-EU users;
- Data protection impact assessment (Article 35 GDPR for EU users) if the processing poses high risks, recommended also for non-EU users where applicable;
- Designation of a Data Protection Officer (DPO, Articles 37-39 GDPR), mandatory only in specific cases (e.g., large-scale monitoring) and otherwise voluntary.
5. RESPONSIBILITY FOR THE INFORMATION SECURITY POLICY
The “Data Controller” and the “Processor” are responsible for the secure information management system, assessing actions in response to:
- Business developments;
- New threats;
- Security incidents;
- Regulatory changes (GDPR for EU, local laws for non-EU).
CONSENT TO PERSONAL DATA PROCESSING
By submitting the request form, the user consents to the processing of their personal data by BluAlghero-Sardinia.com, in compliance with Regulation (EU) 679/2016 for EU users, and acknowledges having read this notice. Non-EU users consent to the processing described herein, unless otherwise required by mandatory local regulations in their jurisdiction. Data is collected only if provided voluntarily (e.g., for bookings) and processed internally, in accordance with the GDPR or applicable local laws.
DATA PROTECTION STATEMENT
We do not share personal data with companies outside BluAlghero-Sardinia.com without explicit consent. We may send information about our services (offers, promotions, events); consent to these communications can be revoked at any time.
LINKS TO OTHER WEBSITES
The site includes links to third-party websites, for whose content or privacy policies we are not responsible.
CHARACTERISTICS OF PERSONAL DATA USE
We collect data related to:
- Identification data: name, surname, username;
- Contact data: email, phone, addresses;
- Financial data: payment information;
- Transaction data: details of payments and purchases;
- Technical data: IP, browser, device;
- Usage data: site usage;
- Tracking data: cookies, tracking;
- Marketing data: marketing preferences.
We also use aggregated data (e.g., statistical) that does not identify the user. We do not collect sensitive or judicial data.
COOKIE POLICY
Cookies enhance the user experience (e.g., preferences, anonymous analytics). They do not record identifiable data unless necessary. Users can disable them via their browser.
Types
- Essential cookies: for navigation and functionality;
- Performance cookies: anonymous analytics;
- Functionality cookies: personalization.
Google Analytics
We use Google Analytics 4 with anonymized IP to analyze site usage (data retained for up to 14 months). Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=it.
Google Consent Mode
Google Consent Mode manages consent for cookies and tracking (e.g., Analytics, AdSense), activated only with explicit consent (EDPB Guidelines).
Third-party cookies
Cookies for marketing/retargeting (e.g., Google AdSense, Booking.com) display relevant ads.
Management
Users can accept, block, or delete cookies via their browser.
WHAT TYPES OF COOKIES DOES THIS SITE USE?
- Technical cookies: navigation;
- Analytics cookies: statistics;
- Third-party cookies: marketing/retargeting.
HOW TO DISABLE/ENABLE COOKIES
The initial banner informs about cookies. By continuing navigation, the user consents to their use.
THIRD-PARTY TRACKING TOOLS
- Cloudflare: traffic optimization;
- Google Maps, YouTube: content;
- Google Tag Manager: tag management;
- Google Analytics 4: statistics;
- Google AdSense: banners;
- Facebook, Instagram: social;
- Booking.com, GetYourGuide, etc.: affiliation;
- Contact Form 7: forms;
- PayPal: payments;
- Google reCAPTCHA: spam protection.
DATA COLLECTION METHODS
- Direct interaction: forms, email, social;
- Technical/tracking data: navigation;
- Third parties: analytics, advertising, partners.
USE OF PERSONAL DATA
- Contract execution;
- Legitimate interests (e.g., fraud prevention);
- Legal obligations.
Consent is required for marketing and can be revoked.
ADVERTISING, MARKETING, AND PREFERENCES
We personalize offers via email or online ads, which can be canceled via link or cookie preferences.
DISCLOSURE OF PERSONAL DATA
We share data with third parties (e.g., Google) for advertising and analytics purposes or in case of business transfers. These third parties may transfer data outside the European Economic Area (EEA), such as to the United States or the United Kingdom. For EU users, processing complies with the GDPR. For non-EU users, processing and any transfers are subject to the local laws applicable in their jurisdiction. For more information on how third parties handle transfers, please refer to their privacy policies.
PAYMENT INFORMATION
PayPal handles payments with security standards. We do not access card details.
DATA SECURITY
Technical and organizational measures protect the data.
THIRD-PARTY LINKS
We do not control linked third-party sites.
DATA RETENTION
We retain data only for the stated purposes or legal obligations. Users may request deletion.
RIGHTS GRANTED BY LAW
EU users (GDPR):
- Information, access, rectification, erasure, restriction, portability, objection, transparency;
- Complaints (e.g., Italian Data Protection Authority: www.garanteprivacy.it; ICO: www.ico.org.uk).
Non-EU users: rights vary by local law; contact us to exercise them where compatible.
CHANGES TO THIS PRIVACY POLICY
Last updated: March 6, 2025
DATA CONTROLLER
Funn Italiano, London, United Kingdom. Email: info@blualghero-sardinia.com